•Provided cybersecurity engineering support for the development and maintenance of IC common-use systems, ensuring compliance with RMF guidelines using MDA’s Enterprise Mission Assurance Support Service (eMASS).•Reviewed, updated, and processed Authorization to Operate (ATO) and Interim Authorization to Test (IATT) renewals, ensuring quality control of workflows in MDA’s eMASS instance.•Maintained and tracked Plans of Action and Milestones (POA&Ms), addressing Authorizing Official (AO) liens and ensuring timely resolution.•Produced detailed weekly, monthly, and quarterly reports for the Information System Security Manager (ISSM) to support informed decision-making.•Supported Control Validation Testing (CVTs) by coordinating tasks, tracking deliverables, and ensuring timely completion in compliance with MDA requirements.Assisted in preparing for and executing cybersecurity inspections, including Mission Cybersecurity Task Orders (MCTO) and Command Cyber Readiness Inspections (CCRI).•Documented and reviewed security controls and Control Correlation Identifier (CCI) answers to verify compliance with established standards.•Collaborated with ISSM, administrators, and fellow ISSOs to provide coordinated and effective responses regarding IC common-use systems.•Participated in technical discussions with government and contract customers to address cybersecurity needs and align expectations.•Conducted Continuous Monitoring (ConMon) activities on assigned systems to maintain a secure operational environment.

•Conducted comprehensive assessments of IT systems to ensure compliance with NIST 800-171 and CMMC standards, identifying and mitigating security risks•Analyzed and documented system security plans (SSPs) and plans of action and milestones (POA&Ms) for continuous monitoring.• Developed, reviewed, and updated organizational policies and procedures to align with CMMC requirements.• Collaborated with IT, security, and other relevant departments to ensure a comprehensive approach to CMMC compliance.• Led audits of third-party vendors, evaluating their compliance with cybersecurity standards and recommending corrective actions.

● Performed vulnerability assessments and provided remediation of critical vulnerabilities based on core findings. ● Developed a strong knowledge and skillset across multiple designated security functional areas including application security, technical project management, third party risk, policy governance, awareness training. ● Kept abreast of industry developments and vendor alerts to proactively identify and address potential vulnerabilities. ● Collaborated with teams to analyze, investigate, and respond to security incidents, ensuring timely and accurate threatmitigation. ● Collaborate with legal and IT teams to ensure proper documentation and reporting of security incidents.

● Collaborated cross-functionally to address compliance concerns and implemented corrective actions.● Conducted regular audits to evaluate the effectiveness of HIPAA compliance controls and practices.● Delivered healthcare to 5 agencies with over 228K beneficiaries and 4K students; administered treatment and executedprescribed plans.● Assisted in emergency response planning, ensuring the security of healthcare facilities during crisis situations, includingpatient safety protocols.● Managed relationships with third-party partners and vendors to ensure their services meet our security and compliance standards

• Led the compliance and assurance functions within GRC to continuously evaluate cybersecurity controls to ensure effectiveness, compliance and adherence to key controls and policies and drive remediation efforts through innovative security risk assessment processes, policies, and automation.• Monitored security alerts and incidents, investigated root causes, and developed mitigation strategies to prevent future occurrences.• Identified and evaluated potential risks to client systems and data, applying a comprehensive risk management framework based on industry best practices.• Reviewed and updated cybersecurity policies, aligning them with the latest Industry standards such as NIST, PCI, CIS Controls and ISO 27001.• Created comprehensive cybersecurity policies and procedures that complied with relevant laws, regulations, and standards. • Evaluated risks and developed security standards, procedures, and controls to manage risks.• Developed and refined incidence response plans, ensuring they align with NIST guidelines, and conduct tabletop exercises to test the effectiveness of the plans.

• Collaborated with internal and external vendor teams to assess, monitor, and manage risks associated with third-party relationships.• Developed and maintained information security and compliance policies and procedures to ensure compliance with industry standards and regulations such as PCI-DSS and GDPR. • Worked with business teams to conduct thorough assessments of third-party vendors to identify potential risks to the organization. This includes evaluating their security practices, data handling procedures, and regulatory compliance.• Prepared detailed risk assessment reports, clearly articulating findings and recommendations and maintained a comprehensive repository of all third-party risk assessments and associated documentation.• Assessed third party cybersecurity controls, identified gaps, assisted in development of mitigation strategies, and managed them to closure.• Conducted risk analyses to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.• Supported the third-party continuous monitoring efforts by partnering with TPRM, Procurement, Legal, and key business stakeholders.

● Kept and maintained an up-to-date register of Data Controllers. ● Conducted investigations into complaints under the Act; determined it in a manner the Commission considers fair and take enforcement action where necessary. ● Examined complaints from the public with regards to alleged infringements of the data protection law. ● Conducted data audits to identify what personal data is collected, processed, stored, and transmitted by the organization. Mapping the flow of data throughout the organization's systems and processes.● Provided training and awareness programs to employees on data protection principles, policies, andprocedures. Ensuring that staff members understood their responsibilities in handling personal data securely.